SlideShare une entreprise Scribd logo

UKC - Msc Project - Providing Moonshot access to OpenStack

Vincent Giersch
Vincent Giersch
Technologie
1  sur  33
Télécharger pour lire hors ligne
Providing Moonshot access to OpenStack Vincent Giersch - vg66 MSc Computer Security - University of Kent Moonshot Supervisor: David Chadwick
Contents • Moonshot overview • OpenStack overview • Providing Moonshot access to OpenStack • Federated Keystone • How it will work ? • Technical architecture • Roadmap • Questions
Moonshot Overview Moonshot
Moonshot Federated authentication and authorization For web and non-web services and applications
Example: IE à Apache Moonshot Source: Janet
Example: PuTTY à OpenSSH Moonshot Source: Janet
Moonshot technologies Moonshot is built on: • Strong authentication: EAP/RADIUS • Strong authorisation: SAML • Easy service/application integration: SASL/GSS-API Standardisation approaching completion within the Internet Engineering Task Force (IETF) Moonshot
OpenStack Overview
Starting the virtualization... Source: OpenStack Foundation
Starting the virtualization... Host 1 Host 2 Host 3 Host 4, etc. Hypervisor (VMWare ESX, Citrix XEN Server, KVM, etc.) Hardware abstraction for each server Source: OpenStack Foundation
... but how to manage the resources ? Provisioning ? User management ?
Add the missing cloud management layer APIs Self-service for users Creates Automates Pools of Resources deployment
Main components of OpenStack Applications APIs Identity Compute Storage Network Keystone Nova Swift Quantum Standard Hardware
Moonshot +
Federated Keystone Allows to use external Identity Providers (IdP) Easy user provisioning Provides Single Sign On (SSO) to the users Developed as a Keystone middleware
How it will work ?
How it will work ? Asks a list of Identity providers User Keystone
How it will work ? Returns the Identity Providers available User Keystone
How it will work ? Chooses a IdP (Moonshot) User Keystone
How it will work ? Returns Moonshot details User Keystone
How it will work ? Chooses the identity that he will use User Keystone
How it will work ? Negotiate authentication User Keystone Identity Provider
How it will work ? Returns list of tenants User Keystone
How it will work ? Chooses a tenant User Keystone
How it will work ? Returns a tenant token User Keystone
How it will work ? User Keystone
Technical architecture OpenStack Client OpenStack Keystone Identity Provider
Technical architecture Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
Technical architecture Moonshot module Moonshot module Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
Technical architecture GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
Technical architecture EAP method EAP peer EAP server GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
Project roadmap • Study of the existing Moonshot implementations (e.g. Apache / Firefox). • Fork the PyKerberos library to add flexibility in the usage of the GSS-API C library. • Study of the potential needed improvements of the Keystone Federated protocol. • Implement the authentication / authorization Moonshot module. • Validation testing using a OpenStack client (e.g. python-swiftclient).
Questions ? Moonshot Vincent Giersch - vg66

Recommandé

Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Prasad Mukhedkar
 
RBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSRBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSEmad Alashi
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
Azure vnet
Azure vnetAzure vnet
Azure vnetzekeLabs Technologies
 
ExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingKarim Vaes
 
User authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesUser authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesNeependra Khare
 

Recommandé

Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Prasad Mukhedkar
 
RBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSRBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSEmad Alashi
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
Azure vnet
Azure vnetAzure vnet
Azure vnetzekeLabs Technologies
 
ExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingKarim Vaes
 
User authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesUser authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesNeependra Khare
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Davide Benvegnù
 
Why Kubernetes on Azure
Why Kubernetes on AzureWhy Kubernetes on Azure
Why Kubernetes on AzureMicrosoft Tech Community
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag
 
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021AWSKRUG - AWS한국사용자모임
 
Windows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block ServicesWindows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block ServicesMichael Collier
 
Microsoft Azure News - 2018 December
Microsoft Azure News - 2018 DecemberMicrosoft Azure News - 2018 December
Microsoft Azure News - 2018 DecemberDaniel Toomey
 
Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Microsoft TechNet - Belgium and Luxembourg
 
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud InfrastructureAustin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructurebazaarvoice_engineering
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as codeAmazon Web Services
 
Build 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for ContainersBuild 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for ContainersWindows Developer
 
Deep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep ArchiveDeep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep ArchiveAmazon Web Services
 
Building trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeBuilding trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeajessup
 
Building a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containersBuilding a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containersaslomibm
 
GUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com JavaGUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com JavaRodrigo Cândido da Silva
 
Azure Hub spoke v1.0
Azure Hub spoke v1.0Azure Hub spoke v1.0
Azure Hub spoke v1.0Sayed Ashraf Kazi
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewKrishna-Kumar
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewNeeraj Kumar
 
JavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EEJavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EERodrigo Cândido da Silva
 
Microsoft Azure News - 2018 October
Microsoft Azure News - 2018 OctoberMicrosoft Azure News - 2018 October
Microsoft Azure News - 2018 OctoberDaniel Toomey
 
Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013Vincent Giersch
 
UKC - Cloud computing - Group project
UKC - Cloud computing - Group projectUKC - Cloud computing - Group project
UKC - Cloud computing - Group projectVincent Giersch
 

Contenu connexe

Tendances

Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Davide Benvegnù
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag
 
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021AWSKRUG - AWS한국사용자모임
 
Windows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block ServicesWindows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block ServicesMichael Collier
 
Microsoft Azure News - 2018 December
Microsoft Azure News - 2018 DecemberMicrosoft Azure News - 2018 December
Microsoft Azure News - 2018 DecemberDaniel Toomey
 
Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Microsoft TechNet - Belgium and Luxembourg
 
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud InfrastructureAustin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructurebazaarvoice_engineering
 
Build 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for ContainersBuild 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for ContainersWindows Developer
 
Deep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep ArchiveDeep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep ArchiveAmazon Web Services
 
Building trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeBuilding trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeajessup
 
Building a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containersBuilding a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containersaslomibm
 
GUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com JavaGUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com JavaRodrigo Cândido da Silva
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewKrishna-Kumar
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewNeeraj Kumar
 
JavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EEJavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EERodrigo Cândido da Silva
 
Microsoft Azure News - 2018 October
Microsoft Azure News - 2018 OctoberMicrosoft Azure News - 2018 October
Microsoft Azure News - 2018 OctoberDaniel Toomey
 

Tendances (20)

Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
 
Why Kubernetes on Azure
Why Kubernetes on AzureWhy Kubernetes on Azure
Why Kubernetes on Azure
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure Networking
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network Security
 
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021
 
Windows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block ServicesWindows Azure for Developers - Building Block Services
Windows Azure for Developers - Building Block Services
 
Microsoft Azure News - 2018 December
Microsoft Azure News - 2018 DecemberMicrosoft Azure News - 2018 December
Microsoft Azure News - 2018 December
 
Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2Take the spaghetti out of windows azure – an insight for it pro techies part 2
Take the spaghetti out of windows azure – an insight for it pro techies part 2
 
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud InfrastructureAustin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructure
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
 
Build 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for ContainersBuild 2017 - P4045 - Azure VNet for Containers
Build 2017 - P4045 - Azure VNet for Containers
 
Deep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep ArchiveDeep Dive on S3 Glacier Deep Archive
Deep Dive on S3 Glacier Deep Archive
 
Building trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeBuilding trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffe
 
Building a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containersBuilding a multi-tenant cloud service from legacy code with Docker containers
Building a multi-tenant cloud service from legacy code with Docker containers
 
GUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com JavaGUJavaSC - Criando Micro-serviços Reativos com Java
GUJavaSC - Criando Micro-serviços Reativos com Java
 
Azure Hub spoke v1.0
Azure Hub spoke v1.0Azure Hub spoke v1.0
Azure Hub spoke v1.0
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick Overview
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An Overview
 
JavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EEJavaOne 2016 - Reactive Microservices with Java and Java EE
JavaOne 2016 - Reactive Microservices with Java and Java EE
 
Microsoft Azure News - 2018 October
Microsoft Azure News - 2018 OctoberMicrosoft Azure News - 2018 October
Microsoft Azure News - 2018 October
 

En vedette

Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013Vincent Giersch
 
UKC - Cloud computing - Group project
UKC - Cloud computing - Group projectUKC - Cloud computing - Group project
UKC - Cloud computing - Group projectVincent Giersch
 
"How to optimize the architecture of your platform" by Julien Simon
"How to optimize the architecture of your platform" by Julien Simon"How to optimize the architecture of your platform" by Julien Simon
"How to optimize the architecture of your platform" by Julien SimonTheFamily
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...Vincent Giersch
 
An introduction to serverless architectures (February 2017)
An introduction to serverless architectures (February 2017)An introduction to serverless architectures (February 2017)
An introduction to serverless architectures (February 2017)Julien SIMON
 
Viadeo - Cost Driven Development
Viadeo - Cost Driven DevelopmentViadeo - Cost Driven Development
Viadeo - Cost Driven DevelopmentJulien SIMON
 
Amazon AI (February 2017)
Amazon AI (February 2017)Amazon AI (February 2017)
Amazon AI (February 2017)Julien SIMON
 
Developing and deploying serverless applications (February 2017)
Developing and deploying serverless applications (February 2017)Developing and deploying serverless applications (February 2017)
Developing and deploying serverless applications (February 2017)Julien SIMON
 

En vedette (8)

Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013Flat - Présentation du 14/09/2013
Flat - Présentation du 14/09/2013
 
UKC - Cloud computing - Group project
UKC - Cloud computing - Group projectUKC - Cloud computing - Group project
UKC - Cloud computing - Group project
 
"How to optimize the architecture of your platform" by Julien Simon
"How to optimize the architecture of your platform" by Julien Simon"How to optimize the architecture of your platform" by Julien Simon
"How to optimize the architecture of your platform" by Julien Simon
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 
An introduction to serverless architectures (February 2017)
An introduction to serverless architectures (February 2017)An introduction to serverless architectures (February 2017)
An introduction to serverless architectures (February 2017)
 
Viadeo - Cost Driven Development
Viadeo - Cost Driven DevelopmentViadeo - Cost Driven Development
Viadeo - Cost Driven Development
 
Amazon AI (February 2017)
Amazon AI (February 2017)Amazon AI (February 2017)
Amazon AI (February 2017)
 
Developing and deploying serverless applications (February 2017)
Developing and deploying serverless applications (February 2017)Developing and deploying serverless applications (February 2017)
Developing and deploying serverless applications (February 2017)
 

Similaire à UKC - Msc Project - Providing Moonshot access to OpenStack

OpenStack at Xen summit Asia
OpenStack at Xen summit Asia OpenStack at Xen summit Asia
OpenStack at Xen summit Asia Jaesuk Ahn
 
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi
 
Openstack Global Meetup
Openstack Global Meetup Openstack Global Meetup
Openstack Global Meetup openstackindia
 
Openstack: Open Source software for building public and private cloud.
Openstack: Open Source software for building public and private cloud.Openstack: Open Source software for building public and private cloud.
Openstack: Open Source software for building public and private cloud.Atul Jha
 
OpenStack: Open Source Private/Public Cloud Software
OpenStack: Open Source Private/Public Cloud SoftwareOpenStack: Open Source Private/Public Cloud Software
OpenStack: Open Source Private/Public Cloud Softwareopenstackindia
 
Aptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceAptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceOpenStack
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoLew Tucker
 
Introduction and hacking OpenStack, Pycon India
Introduction and hacking OpenStack, Pycon IndiaIntroduction and hacking OpenStack, Pycon India
Introduction and hacking OpenStack, Pycon IndiaAtul Jha
 
7 - Introduction to OpenStack & SDN by Ady Saputra
7 - Introduction to OpenStack & SDN by Ady Saputra7 - Introduction to OpenStack & SDN by Ady Saputra
7 - Introduction to OpenStack & SDN by Ady SaputraSDNRG ITB
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sinaHui Cheng
 
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)Raul Leite
 
What is OpenStack and the added value of IBM solutions
What is OpenStack and the added value of IBM solutionsWhat is OpenStack and the added value of IBM solutions
What is OpenStack and the added value of IBM solutionsSasha Lazarevic
 
OpenStack Winfest2011
OpenStack Winfest2011OpenStack Winfest2011
OpenStack Winfest2011Open Stack
 
OpenStack Overview for Austin Cloud User Group
OpenStack Overview for Austin Cloud User GroupOpenStack Overview for Austin Cloud User Group
OpenStack Overview for Austin Cloud User GroupAnne Gentle
 
Openstack Fundamentals by CloudZone @Back2School
Openstack Fundamentals by CloudZone @Back2SchoolOpenstack Fundamentals by CloudZone @Back2School
Openstack Fundamentals by CloudZone @Back2SchoolAsaf Abres
 
Openstack presentation
Openstack presentationOpenstack presentation
Openstack presentationSankalp Jain
 
Essel cloud-tecnical
Essel cloud-tecnicalEssel cloud-tecnical
Essel cloud-tecnicalTapas Shome
 

Similaire à UKC - Msc Project - Providing Moonshot access to OpenStack (20)

OpenStack at Xen summit Asia
OpenStack at Xen summit Asia OpenStack at Xen summit Asia
OpenStack at Xen summit Asia
 
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
 
Openstack Global Meetup
Openstack Global Meetup Openstack Global Meetup
Openstack Global Meetup
 
Openstack: Open Source software for building public and private cloud.
Openstack: Open Source software for building public and private cloud.Openstack: Open Source software for building public and private cloud.
Openstack: Open Source software for building public and private cloud.
 
OpenStack: Open Source Private/Public Cloud Software
OpenStack: Open Source Private/Public Cloud SoftwareOpenStack: Open Source Private/Public Cloud Software
OpenStack: Open Source Private/Public Cloud Software
 
Aptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceAptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity service
 
Dev ops operations openstack
Dev ops operations openstackDev ops operations openstack
Dev ops operations openstack
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at Cisco
 
Introduction and hacking OpenStack, Pycon India
Introduction and hacking OpenStack, Pycon IndiaIntroduction and hacking OpenStack, Pycon India
Introduction and hacking OpenStack, Pycon India
 
OpenStack meetup @ Bangalore on 31st Mar 2018
OpenStack meetup @ Bangalore on 31st Mar 2018OpenStack meetup @ Bangalore on 31st Mar 2018
OpenStack meetup @ Bangalore on 31st Mar 2018
 
7 - Introduction to OpenStack & SDN by Ady Saputra
7 - Introduction to OpenStack & SDN by Ady Saputra7 - Introduction to OpenStack & SDN by Ady Saputra
7 - Introduction to OpenStack & SDN by Ady Saputra
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sina
 
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)
Visão Técnica - RHOS (Red Hat Enterprise Linux OpenStack)
 
What is OpenStack and the added value of IBM solutions
What is OpenStack and the added value of IBM solutionsWhat is OpenStack and the added value of IBM solutions
What is OpenStack and the added value of IBM solutions
 
Sharad openstack slides
Sharad openstack slidesSharad openstack slides
Sharad openstack slides
 
OpenStack Winfest2011
OpenStack Winfest2011OpenStack Winfest2011
OpenStack Winfest2011
 
OpenStack Overview for Austin Cloud User Group
OpenStack Overview for Austin Cloud User GroupOpenStack Overview for Austin Cloud User Group
OpenStack Overview for Austin Cloud User Group
 
Openstack Fundamentals by CloudZone @Back2School
Openstack Fundamentals by CloudZone @Back2SchoolOpenstack Fundamentals by CloudZone @Back2School
Openstack Fundamentals by CloudZone @Back2School
 
Openstack presentation
Openstack presentationOpenstack presentation
Openstack presentation
 
Essel cloud-tecnical
Essel cloud-tecnicalEssel cloud-tecnical
Essel cloud-tecnical
 

Dernier

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

UKC - Msc Project - Providing Moonshot access to OpenStack

  • 1. Providing Moonshot access to OpenStack Vincent Giersch - vg66 MSc Computer Security - University of Kent Moonshot Supervisor: David Chadwick
  • 2. Contents • Moonshot overview • OpenStack overview • Providing Moonshot access to OpenStack • Federated Keystone • How it will work ? • Technical architecture • Roadmap • Questions
  • 3. Moonshot Overview Moonshot
  • 4. Moonshot Federated authentication and authorization For web and non-web services and applications
  • 5. Example: IE à Apache Moonshot Source: Janet
  • 6. Example: PuTTY à OpenSSH Moonshot Source: Janet
  • 7. Moonshot technologies Moonshot is built on: • Strong authentication: EAP/RADIUS • Strong authorisation: SAML • Easy service/application integration: SASL/GSS-API Standardisation approaching completion within the Internet Engineering Task Force (IETF) Moonshot
  • 9. Starting the virtualization... Source: OpenStack Foundation
  • 10. Starting the virtualization... Host 1 Host 2 Host 3 Host 4, etc. Hypervisor (VMWare ESX, Citrix XEN Server, KVM, etc.) Hardware abstraction for each server Source: OpenStack Foundation
  • 11. ... but how to manage the resources ? Provisioning ? User management ?
  • 12. Add the missing cloud management layer APIs Self-service for users Creates Automates Pools of Resources deployment
  • 13. Main components of OpenStack Applications APIs Identity Compute Storage Network Keystone Nova Swift Quantum Standard Hardware
  • 14. Moonshot +
  • 15. Federated Keystone Allows to use external Identity Providers (IdP) Easy user provisioning Provides Single Sign On (SSO) to the users Developed as a Keystone middleware
  • 16. How it will work ?
  • 17. How it will work ? Asks a list of Identity providers User Keystone
  • 18. How it will work ? Returns the Identity Providers available User Keystone
  • 19. How it will work ? Chooses a IdP (Moonshot) User Keystone
  • 20. How it will work ? Returns Moonshot details User Keystone
  • 21. How it will work ? Chooses the identity that he will use User Keystone
  • 22. How it will work ? Negotiate authentication User Keystone Identity Provider
  • 23. How it will work ? Returns list of tenants User Keystone
  • 24. How it will work ? Chooses a tenant User Keystone
  • 25. How it will work ? Returns a tenant token User Keystone
  • 26. How it will work ? User Keystone
  • 27. Technical architecture OpenStack Client OpenStack Keystone Identity Provider
  • 28. Technical architecture Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 29. Technical architecture Moonshot module Moonshot module Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 30. Technical architecture GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 31. Technical architecture EAP method EAP peer EAP server GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 32. Project roadmap • Study of the existing Moonshot implementations (e.g. Apache / Firefox). • Fork the PyKerberos library to add flexibility in the usage of the GSS-API C library. • Study of the potential needed improvements of the Keystone Federated protocol. • Implement the authentication / authorization Moonshot module. • Validation testing using a OpenStack client (e.g. python-swiftclient).
  • 33. Questions ? Moonshot Vincent Giersch - vg66